[SERVER-8291] Allow SSL and Non SSL Ports Created: 23/Jan/13  Updated: 15/Feb/13  Resolved: 23/Jan/13

Status: Closed
Project: Core Server
Component/s: Networking, Performance, Security
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Charlie Mason Assignee: Unassigned
Resolution: Duplicate Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-524 Encryption of wire protocol with SSL Closed
Participants:

 Description   

Currently the SSL functionality is an all or nothing approach. I would like the ability to have a second set of ports configured which were secured via SSL and leave the standard ones unencrypted. In the same way the web servers use port 80 and 443 by default.

That would give the client the opportunity to choose if they wanted to use SSL or not. By using different ports its would also give network admins control over this. e.g. forcing external users to use SSL.

The most obvious use case: having a primary data centre and a disaster recovery data centre. You want the external connections to take place over SSL and the internal ones can safely avoid the overhead. You can use the firewall to prevent external access to the unencrypted ports.

Another use case: Allowing external admin users secure access whilst allowing the primary application running in the same DC to avoid the performance overhead of SSL.



 Comments   
Comment by Scott Hernandez (Inactive) [ 23/Jan/13 ]

Charlie, I've updated the orig. issue to be more clear on supporting both connection types concurrently as well as other modes.

Generated at Thu Feb 08 03:17:02 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.